Python: Remove points-to references from python.qll

For now, these have just been made into `private` imports. After doing this, I went through all of the (now not compiling) files and added in private imports to the modules that they actually depended on. I also added an explicit import of `LegacyPointsTo` (even though it may be unnecessary) in cases where the points-to dependency was somewhat surprising (and one we want to get rid of). This was primarily inside the various SSA layers. For modules inside `semmle.python.{types, objects, pointsto}` I did not bother, as these are fairly clearly related to points-to.
2026-05-03 04:39:29 +02:00 · 2025-10-30 16:37:28 +00:00
parent 85cb3e026c
commit 78c33ab55a
43 changed files with 73 additions and 39 deletions
--- a/python/ql/lib/semmle/python/Flow.qll
+++ b/python/ql/lib/semmle/python/Flow.qll
@@ -1,6 +1,7 @@
 import python
 private import semmle.python.internal.CachedStages
 private import codeql.controlflow.BasicBlock as BB
+private import LegacyPointsTo

 /*
 * Note about matching parent and child nodes and CFG splitting:
--- a/python/ql/lib/semmle/python/SSA.qll
+++ b/python/ql/lib/semmle/python/SSA.qll
@@ -1,6 +1,7 @@
 /** SSA library */

 import python
+private import LegacyPointsTo

 /**
 * A single static assignment variable.
--- a/python/ql/lib/semmle/python/SelfAttribute.qll
+++ b/python/ql/lib/semmle/python/SelfAttribute.qll
@@ -5,6 +5,7 @@

 import python
 private import semmle.python.pointsto.Filters
+private import LegacyPointsTo

 /**
 * An attribute access where the left hand side of the attribute expression
--- a/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/ImportResolution.qll
@@ -9,6 +9,7 @@ private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.internal.ImportStar
 private import semmle.python.dataflow.new.TypeTracking
 private import semmle.python.dataflow.new.internal.DataFlowPrivate
+private import semmle.python.essa.SsaDefinitions

 /**
 * Python modules and the way imports are resolved are... complicated. Here's a crash course in how
--- a/python/ql/lib/semmle/python/dataflow/old/Configuration.qll
+++ b/python/ql/lib/semmle/python/dataflow/old/Configuration.qll
@@ -1,6 +1,6 @@
 import python
 import semmle.python.dataflow.TaintTracking
-private import semmle.python.objects.ObjectInternal
+private import LegacyPointsTo
 private import semmle.python.dataflow.Implementation

 module TaintTracking {
--- a/python/ql/lib/semmle/python/dataflow/old/Files.qll
+++ b/python/ql/lib/semmle/python/dataflow/old/Files.qll
@@ -1,4 +1,5 @@
 import python
+private import LegacyPointsTo
 import semmle.python.dataflow.TaintTracking

 class OpenFile extends TaintKind {
--- a/python/ql/lib/semmle/python/dataflow/old/Implementation.qll
+++ b/python/ql/lib/semmle/python/dataflow/old/Implementation.qll
@@ -1,7 +1,6 @@
 import python
 private import LegacyPointsTo
 import semmle.python.dataflow.TaintTracking
-private import semmle.python.objects.ObjectInternal
 private import semmle.python.pointsto.Filters as Filters
 import semmle.python.dataflow.Legacy

--- a/python/ql/lib/semmle/python/dataflow/old/StateTracking.qll
+++ b/python/ql/lib/semmle/python/dataflow/old/StateTracking.qll
@@ -9,9 +9,7 @@
 */

 import python
-private import semmle.python.pointsto.PointsTo
-private import semmle.python.pointsto.PointsToContext
-private import semmle.python.objects.ObjectInternal
+private import LegacyPointsTo

 /** A state that should be tracked. */
 abstract class TrackableState extends string {
--- a/python/ql/lib/semmle/python/dataflow/old/TaintTracking.qll
+++ b/python/ql/lib/semmle/python/dataflow/old/TaintTracking.qll
@@ -89,7 +89,6 @@
 import python
 private import LegacyPointsTo
 private import semmle.python.pointsto.Filters as Filters
-private import semmle.python.objects.ObjectInternal
 private import semmle.python.dataflow.Implementation
 import semmle.python.dataflow.Configuration

--- a/python/ql/lib/semmle/python/dependencies/DependencyKind.qll
+++ b/python/ql/lib/semmle/python/dependencies/DependencyKind.qll
@@ -1,4 +1,5 @@
 import semmle.python.dependencies.Dependencies
+private import LegacyPointsTo

 /**
 * A library describing an abstract mechanism for representing dependency categories.
--- a/python/ql/lib/semmle/python/dependencies/TechInventory.qll
+++ b/python/ql/lib/semmle/python/dependencies/TechInventory.qll
@@ -1,6 +1,7 @@
 import python
 import semmle.python.dependencies.Dependencies
 import semmle.python.dependencies.DependencyKind
+private import LegacyPointsTo

 /**
 * Combine the source-file and package into a single string:
--- a/python/ql/lib/semmle/python/essa/Definitions.qll
+++ b/python/ql/lib/semmle/python/essa/Definitions.qll
@@ -1,5 +1,4 @@
 import python
-
 /*
 * Classification of variables. These should be non-overlapping and complete.
 *
@@ -12,6 +11,9 @@ import python
 * Escaping globals -- Global variables that have definitions and at least one of those definitions is in another scope.
 */

+private import LegacyPointsTo
+private import semmle.python.essa.SsaDefinitions
+
 /** A source language variable, to be converted into a set of SSA variables. */
 abstract class SsaSourceVariable extends @py_variable {
  SsaSourceVariable() {
--- a/python/ql/lib/semmle/python/essa/Essa.qll
+++ b/python/ql/lib/semmle/python/essa/Essa.qll
@@ -6,6 +6,8 @@ import python
 private import SsaCompute
 import semmle.python.essa.Definitions
 private import semmle.python.internal.CachedStages
+private import LegacyPointsTo
+private import semmle.python.essa.SsaDefinitions

 /** An (enhanced) SSA variable derived from `SsaSourceVariable`. */
 class EssaVariable extends TEssaDefinition {
--- a/python/ql/lib/semmle/python/essa/SsaDefinitions.qll
+++ b/python/ql/lib/semmle/python/essa/SsaDefinitions.qll
@@ -5,6 +5,7 @@

 import python
 private import semmle.python.internal.CachedStages
+private import LegacyPointsTo

 cached
 module SsaSource {
--- a/python/ql/lib/semmle/python/libraries/Zope.qll
+++ b/python/ql/lib/semmle/python/libraries/Zope.qll
@@ -1,7 +1,7 @@
 /** Utilities for handling the zope libraries */

 import python
-private import semmle.python.pointsto.PointsTo
+private import LegacyPointsTo

 /** A method that belongs to a sub-class of `zope.interface.Interface` */
 class ZopeInterfaceMethodValue extends PythonFunctionValue {
--- a/python/ql/lib/semmle/python/objects/Constants.qll
+++ b/python/ql/lib/semmle/python/objects/Constants.qll
@@ -5,6 +5,7 @@ private import semmle.python.pointsto.PointsTo
 private import semmle.python.pointsto.MRO
 private import semmle.python.pointsto.PointsToContext
 private import semmle.python.types.Builtins
+private import semmle.python.objects.ObjectAPI

 /**
 * A constant.
--- a/python/ql/lib/semmle/python/objects/Descriptors.qll
+++ b/python/ql/lib/semmle/python/objects/Descriptors.qll
@@ -5,6 +5,7 @@ private import semmle.python.pointsto.PointsTo
 private import semmle.python.pointsto.PointsToContext
 private import semmle.python.pointsto.MRO
 private import semmle.python.types.Builtins
+private import semmle.python.pointsto.Context

 /** A property object. */
 class PropertyInternal extends ObjectInternal, TProperty {
--- a/python/ql/lib/semmle/python/objects/Instances.qll
+++ b/python/ql/lib/semmle/python/objects/Instances.qll
@@ -5,6 +5,8 @@ private import semmle.python.pointsto.PointsTo
 private import semmle.python.pointsto.MRO
 private import semmle.python.pointsto.PointsToContext
 private import semmle.python.types.Builtins
+private import semmle.python.pointsto.Context
+private import semmle.python.pointsto.Base

 /** A class representing instances */
 abstract class InstanceObject extends ObjectInternal {
--- a/python/ql/lib/semmle/python/objects/Modules.qll
+++ b/python/ql/lib/semmle/python/objects/Modules.qll
@@ -5,6 +5,7 @@ private import semmle.python.pointsto.PointsTo
 private import semmle.python.pointsto.MRO
 private import semmle.python.pointsto.PointsToContext
 private import semmle.python.types.Builtins
+private import semmle.python.types.ImportTime

 /** A class representing modules */
 abstract class ModuleObjectInternal extends ObjectInternal {
--- a/python/ql/lib/semmle/python/objects/ObjectAPI.qll
+++ b/python/ql/lib/semmle/python/objects/ObjectAPI.qll
@@ -6,9 +6,6 @@
 import python
 private import LegacyPointsTo
 private import TObject
-private import semmle.python.objects.ObjectInternal
-private import semmle.python.pointsto.PointsTo
-private import semmle.python.pointsto.PointsToContext
 private import semmle.python.pointsto.MRO
 private import semmle.python.types.Builtins

--- a/python/ql/lib/semmle/python/objects/TObject.qll
+++ b/python/ql/lib/semmle/python/objects/TObject.qll
@@ -6,6 +6,7 @@ private import semmle.python.objects.ObjectInternal
 private import semmle.python.pointsto.PointsTo
 private import semmle.python.pointsto.PointsToContext
 private import semmle.python.internal.CachedStages
+private import semmle.python.pointsto.Context

 /**
 * Internal type backing `ObjectInternal` and `Value`
--- a/python/ql/lib/semmle/python/pointsto/Base.qll
+++ b/python/ql/lib/semmle/python/pointsto/Base.qll
@@ -12,6 +12,8 @@ import python
 import semmle.python.essa.SsaDefinitions
 private import semmle.python.types.Builtins
 private import semmle.python.internal.CachedStages
+private import semmle.python.types.Object
+private import semmle.python.types.ClassObject

 /*
 * The following predicates exist in order to provide
--- a/python/ql/lib/semmle/python/pointsto/CallGraph.qll
+++ b/python/ql/lib/semmle/python/pointsto/CallGraph.qll
@@ -11,6 +11,8 @@

 import python
 private import semmle.python.pointsto.PointsToContext
+private import semmle.python.types.FunctionObject
+private import semmle.python.pointsto.Context

 private newtype TTInvocation =
  TInvocation(FunctionObject f, Context c) {
--- a/python/ql/lib/semmle/python/pointsto/PointsTo.qll
+++ b/python/ql/lib/semmle/python/pointsto/PointsTo.qll
@@ -7,6 +7,11 @@ private import semmle.python.pointsto.MRO
 private import semmle.python.types.Builtins
 private import semmle.python.types.Extensions
 private import semmle.python.internal.CachedStages
+private import semmle.python.types.Object
+private import semmle.python.types.FunctionObject
+private import semmle.python.types.ClassObject
+private import semmle.python.pointsto.Base
+private import semmle.python.types.ImportTime

 /* Use this version for speed */
 class CfgOrigin extends @py_object {
--- a/python/ql/lib/semmle/python/pointsto/PointsToContext.qll
+++ b/python/ql/lib/semmle/python/pointsto/PointsToContext.qll
@@ -1,6 +1,8 @@
 import python
 private import semmle.python.pointsto.PointsTo
 private import semmle.python.objects.ObjectInternal
+private import semmle.python.types.ImportTime
+private import semmle.python.types.Version

 /*
 * A note on 'cost'. Cost doesn't represent the cost to compute,
--- a/python/ql/lib/semmle/python/types/Builtins.qll
+++ b/python/ql/lib/semmle/python/types/Builtins.qll
@@ -1,4 +1,5 @@
 import python
+private import LegacyPointsTo

 class Builtin extends @py_cobject {
  Builtin() {
--- a/python/ql/lib/semmle/python/types/ClassObject.qll
+++ b/python/ql/lib/semmle/python/types/ClassObject.qll
@@ -6,6 +6,7 @@ private import semmle.python.pointsto.PointsTo
 private import semmle.python.pointsto.MRO
 private import semmle.python.types.Builtins
 private import semmle.python.objects.ObjectInternal
+private import semmle.python.types.ImportTime

 /**
 * A class whose instances represents Python classes.
--- a/python/ql/lib/semmle/python/types/Descriptors.qll
+++ b/python/ql/lib/semmle/python/types/Descriptors.qll
@@ -1,5 +1,8 @@
 import python
 private import semmle.python.objects.ObjectInternal
+private import semmle.python.types.Object
+private import semmle.python.types.FunctionObject
+private import semmle.python.pointsto.Context

 /** A class method object. Either a decorated function or an explicit call to classmethod(f) */
 class ClassMethodObject extends Object {
--- a/python/ql/lib/semmle/python/types/Extensions.qll
+++ b/python/ql/lib/semmle/python/types/Extensions.qll
@@ -16,6 +16,7 @@ private import semmle.python.pointsto.PointsToContext
 private import semmle.python.objects.TObject
 /* Make ObjectInternal visible to save extra imports in user code */
 import semmle.python.objects.ObjectInternal
+import semmle.python.pointsto.Context

 abstract class PointsToExtension extends @py_flow_node {
  string toString() { result = "PointsToExtension with missing toString" }
--- a/python/ql/lib/semmle/python/types/FunctionObject.qll
+++ b/python/ql/lib/semmle/python/types/FunctionObject.qll
@@ -1,10 +1,7 @@
 import python
 private import LegacyPointsTo
-import semmle.python.types.Exceptions
-private import semmle.python.pointsto.PointsTo
 private import semmle.python.objects.Callables
 private import semmle.python.libraries.Zope
-private import semmle.python.objects.ObjectInternal
 private import semmle.python.types.Builtins

 /** A function object, whether written in Python or builtin */
--- a/python/ql/lib/semmle/python/types/ModuleKind.qll
+++ b/python/ql/lib/semmle/python/types/ModuleKind.qll
@@ -1,4 +1,5 @@
 import python
+private import semmle.python.types.ModuleObject

 private predicate is_normal_module(ModuleObject m) {
  m instanceof BuiltinModuleObject
--- a/python/ql/lib/semmle/python/types/ModuleObject.qll
+++ b/python/ql/lib/semmle/python/types/ModuleObject.qll
@@ -2,6 +2,9 @@ import python
 private import semmle.python.pointsto.PointsTo
 private import semmle.python.objects.ObjectInternal
 private import semmle.python.types.ModuleKind
+private import semmle.python.types.Object
+private import semmle.python.types.ClassObject
+private import semmle.python.objects.ObjectAPI

 abstract class ModuleObject extends Object {
  ModuleValue theModule() {
--- a/python/ql/lib/semmle/python/types/Object.qll
+++ b/python/ql/lib/semmle/python/types/Object.qll
@@ -1,6 +1,5 @@
 import python
 private import LegacyPointsTo
-private import semmle.python.objects.ObjectInternal
 private import semmle.python.types.Builtins
 private import semmle.python.internal.CachedStages

--- a/python/ql/lib/semmle/python/values/StringAttributes.qll
+++ b/python/ql/lib/semmle/python/values/StringAttributes.qll
@@ -1,8 +1,5 @@
 import python
 private import LegacyPointsTo
-private import semmle.python.types.Object
-private import semmle.python.types.ClassObject
-private import semmle.python.types.FunctionObject

 predicate string_attribute_all(ControlFlowNodeWithPointsTo n, string attr) {
  (n.getNode() instanceof Unicode or n.getNode() instanceof Bytes) and